Addressing the UK NCSC’s Cloud Security Principles

September 20th, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud security. Notably, the UK National Cyber Security Centre offers a framework built around 14 Cloud Security Principles, and we recently updated our response detailing how we address these principles for both Google Cloud Platform (GCP) and G Suite. Google Cloud customers in the UK public sector can use the response to assess the suitability of these Google Cloud products to host their data with sensitivity levels up to “OFFICIAL,” including “OFFICIAL SENSITIVE.”

The 14 NCSC Cloud Security Principles allow service providers like Google Cloud to highlight the security benefits of our products and services in an easily consumable format. Our response provides details about how GCP and G Suite satisfy the recommendations built into each of the principles, and describes the specific best practices, services and certifications that help us address the goals of each recommendation.

The NCSC also provides detailed ChromeOS deployment guidance to help organizations follow its 12 End User Device Security Principles. With an end-to-end solution encompassing GCP, applications and connected devices, Google Cloud provides the appropriate tools and functionality to allow you to adhere to the NCSC’s stringent security guidelines in letter and spirit.